~ubuntu-branches/ubuntu/natty/openssl/natty

INSTALLATION ON THE NETWARE PLATFORM

------------------------------------

Notes about building OpenSSL for NetWare.

BUILD PLATFORM:

---------------

The build scripts (batch files, perl scripts, etc) have been developed and

tested on W2K.  The scripts should run fine on other Windows platforms

(NT, Win9x, WinXP) but they have not been tested.  They may require some

modifications.

Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:

-------------------------------------------------------

OpenSSL can either use the WinSock interfaces introduced in NetWare 5,

or the BSD socket interface.  Previous versions of NetWare, 4.x and 3.x,

are only supported if OpenSSL is build for CLIB and BSD sockets;

WinSock builds only support NetWare 5 and up.

On NetWare there are two c-runtime libraries.  There is the legacy CLIB 

interfaces and the newer LIBC interfaces.  Being ANSI-C libraries, the 

functionality in CLIB and LIBC is similar but the LIBC interfaces are built 

using Novell Kernal Services (NKS) which is designed to leverage 

multi-processor environments.

The NetWare port of OpenSSL can be configured to build using CLIB or LIBC.

The CLIB build was developed and tested using NetWare 5.0 sp6.0a.  The LIBC 

build was developed and tested using the NetWare 6.0 FCS.  

The necessary LIBC functionality ships with NetWare 6.  However, earlier 

NetWare 5.x versions will require updates in order to run the OpenSSL LIBC

build (NetWare 5.1 SP8 is known to work).

As of June 2005, the LIBC build can be configured to use BSD sockets instead

of WinSock sockets. Call Configure (usually through netware\build.bat) using

a target of "netware-libc-bsdsock" instead of "netware-libc".

As of June 2007, support for CLIB and BSD sockets is also now available

using a target of "netware-clib-bsdsock" instead of "netware-clib";

also gcc builds are now supported on both Linux and Win32 (post 0.9.8e).

REQUIRED TOOLS:

---------------

Based upon the configuration and build options used, some or all of the

following tools may be required:

* Perl for Win32 - required (http://www.activestate.com/ActivePerl)

   Used to run the various perl scripts on the build platform.

* Perl 5.8.0 for NetWare v3.20 (or later) - required 

   (http://developer.novell.com) Used to run the test script on NetWare 

   after building.

* Compiler / Linker - required:

   Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial):

      Provides command line tools used for building.

      Tools:

      mwccnlm.exe  - C/C++ Compiler for NetWare

      mwldnlm.exe  - Linker for NetWare

      mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)

   gcc / nlmconv Cross-Compiler, available from Novell Forge (free):

         http://forge.novell.com/modules/xfmod/project/?aunixnw

* Assemblers - optional:

   If you intend to build using the assembly options you will need an

   assembler.  Work has been completed to support two assemblers, Metrowerks

   and NASM.  However, during development, a bug was found in the Metrowerks

   assembler which generates incorrect code.  Until this problem is fixed,

   the Metrowerks assembler cannot be used.

   mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools.

         (version 2.2 Built Aug 23, 1999 - not useable due to code

          generation bug)

   nasmw.exe - Netwide Assembler NASM

         version 0.98 was used in development and testing

* Make Tool - required:

   In order to build you will need a make tool.  Two make tools are

   supported, GNU make (gmake.exe) or Microsoft nmake.exe.

   make.exe - GNU make for Windows (version 3.75 used for development)

         http://gnuwin32.sourceforge.net/packages/make.htm

   nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)

         http://support.microsoft.com/kb/132084/EN-US/

* Novell Developer Kit (NDK) - required: (http://developer.novell.com)

   CLIB - BUILDS:

      WinSock2 Developer Components for NetWare:

         For initial development, the October 27, 2000 version was used.

         However, future versions should also work.

         NOTE:  The WinSock2 components include headers & import files for

         NetWare, but you will also need the winsock2.h and supporting

         headers (pshpack4.h, poppack.h, qos.h) delivered in the

         Microsoft SDK.  Note: The winsock2.h support headers may change

         with various versions of winsock2.h.  Check the dependencies

         section on the NDK WinSock2 download page for the latest

         information on dependencies. These components are unsupported by

         Novell. They are provided as a courtesy, but it is strongly

         suggested that all development be done using LIBC, not CLIB.

         As of June 2005, the WinSock2 components are available at:

         http://forgeftp.novell.com//ws2comp/

      NLM and NetWare libraries for C (including CLIB and XPlat):

         If you are going to build a CLIB version of OpenSSL, you will

         need the CLIB headers and imports.  The March, 2001 NDK release or 

         later is recommended.

         Earlier versions should work but haven't been tested.  In recent

         versions the import files have been consolidated and function

         names moved.  This means you may run into link problems

         (undefined symbols) when using earlier versions.   The functions

         are available in earlier versions, but you will have to modifiy

         the make files to include additional import files (see

         openssl\util\pl\netware.pl).

   LIBC - BUILDS:

      Libraries for C (LIBC) - LIBC headers and import files

         If you are going to build a LIBC version of OpenSSL, you will

         need the LIBC headers and imports.  The March 14, 2002 NDK release or

         later is required.  

         NOTE: The LIBC SDK includes the necessary WinSock2 support.

         It is not necessary to download the WinSock2 NDK when building for

         LIBC. The LIBC SDK also includes the appropriate BSD socket support

         if configuring to use BSD sockets.

BUILDING:

---------

Before building, you will need to set a few environment variables.  You can

set them manually or you can modify the "netware\set_env.bat" file.

The set_env.bat file is a template you can use to set up the path

and environment variables you will need to build.  Modify the

various lines to point to YOUR tools and run set_env.bat.

   netware\set_env.bat <target> [compiler]

      target        - "netware-clib" - CLIB NetWare build

                    - "netware-libc" - LIBC NetWare build

      compiler      - "gnuc"         - GNU GCC Compiler

                    - "codewarrior"  - MetroWerks CodeWarrior (default)

If you don't use set_env.bat, you will need to set up the following

environment variables:

   PATH - Set PATH to point to the tools you will use.

   INCLUDE - The location of the NDK include files.

            CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm

            LIBC ex: set INCLUDE=c:\ndk\libc\include

   PRELUDE - The absolute path of the prelude object to link with.  For

            a CLIB build it is recommended you use the "clibpre.o" files shipped

            with the Metrowerks PDK for NetWare.  For a LIBC build you should 

            use the "libcpre.o" file delivered with the LIBC NDK components.

            CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o

            LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o

   IMPORTS - The locaton of the NDK import files.

            CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports

            LIBC ex: set IMPORTS=c:\ndk\libc\imports

In order to build, you need to run the Perl scripts to configure the build

process and generate a make file.  There is a batch file,

"netware\build.bat", to automate the process.

Build.bat runs the build configuration scripts and generates a make file.

If an assembly option is specified, it also runs the scripts to generate 

the assembly code.  Always run build.bat from the "openssl" directory.

   netware\build [target] [debug opts] [assembly opts] [configure opts]

      target        - "netware-clib" - CLIB NetWare build (WinSock Sockets)

                    - "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets)

                    - "netware-libc" - LIBC NetWare build (WinSock Sockets)

                    - "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets)

      debug opts    - "debug"  - build debug

      assembly opts - "nw-mwasm" - use Metrowerks assembler

                      "nw-nasm"  - use NASM assembler

                      "no-asm"   - don't use assembly

      configure opts- all unrecognized arguments are passed to the

                      perl 'configure' script. See that script for

                      internal documentation regarding options that

                      are available.

   examples:

      CLIB build, debug, without assembly:

         netware\build.bat netware-clib debug no-asm

      LIBC build, non-debug, using NASM assembly, add mdc2 support:

         netware\build.bat netware-libc nw-nasm enable-mdc2

      LIBC build, BSD sockets, non-debug, without assembly:

         netware\build.bat netware-libc-bsdsock no-asm

Running build.bat generates a make file to be processed by your make 

tool (gmake or nmake):

   CLIB ex: gmake -f netware\nlm_clib_dbg.mak 

   LIBC ex: gmake -f netware\nlm_libc.mak 

   LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak 

You can also run the build scripts manually if you do not want to use the

build.bat file.  Run the following scripts in the "\openssl"

subdirectory (in the order listed below):

   perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]

      configures no assembly build for specified netware environment

      (CLIB or LIBC).

   perl util\mkfiles.pl >MINFO

      generates a listing of source files (used by mk1mf)

   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak

      generates the makefile for NetWare

   gmake -f netware\nlm.mak

      build with the make tool (nmake.exe also works)

NOTE:  If you are building using the assembly option, you must also run the

various Perl scripts to generate the assembly files.  See build.bat

for an example of running the various assembly scripts.  You must use the

"no-asm" option to build without assembly.  The configure and mk1mf scripts

also have various other options.  See the scripts for more information.

The output from the build is placed in the following directories:

   CLIB Debug build:

      out_nw_clib.dbg     - static libs & test nlm(s)

      tmp_nw_clib.dbg     - temporary build files

      outinc_nw_clib      - necessary include files

   CLIB Non-debug build:

      out_nw_clib         - static libs & test nlm(s)

      tmp_nw_clib         - temporary build files

      outinc_nw_clib      - necesary include files

   LIBC Debug build:

      out_nw_libc.dbg     - static libs & test nlm(s)

      tmp_nw_libc.dbg     - temporary build files

      outinc_nw_libc      - necessary include files

   LIBC Non-debug build:

      out_nw_libc         - static libs & test nlm(s)

      tmp_nw_libc         - temporary build files

      outinc_nw_libc      - necesary include files

TESTING:

--------

The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib,

rsaglue.lib ) and several test programs.  You should copy the test programs

to your NetWare server and run the tests.

The batch file "netware\cpy_tests.bat" will copy all the necessary files

to your server for testing.  In order to run the batch file, you need a

drive mapped to your target server.  It will create an "OpenSSL" directory

on the drive and copy the test files to it.  CAUTION: If a directory with the

name of "OpenSSL" already exists, it will be deleted.

To run cpy_tests.bat:

   netware\cpy_tests [output directory] [NetWare drive]

      output directory - "out_nw_clib.dbg", "out_nw_libc", etc.

      NetWare drive    - drive letter of mapped drive

      CLIB ex: netware\cpy_tests out_nw_clib m:

      LIBC ex: netware\cpy_tests out_nw_libc m:

The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server

should be used to execute the tests.  Before running the script, make sure

your SEARCH PATH includes the "OpenSSL" directory.  For example, if you

copied the files to the "sys:" volume you use the command:

   SEARCH ADD SYS:\OPENSSL

To run do_tests.pl type (at the console prompt):

   perl \openssl\do_tests.pl [options]

      options:

         -p    - pause after executing each test

The do_tests.pl script generates a log file "\openssl\test_out\tests.log"

which should be reviewed for errors.  Any errors will be denoted by the word

"ERROR" in the log.

DEVELOPING WITH THE OPENSSL SDK:

--------------------------------

Now that everything is built and tested, you are ready to use the OpenSSL

libraries in your development.

There is no real installation procedure, just copy the static libs and

headers to your build location.  The libs (crypto.lib & ssl.lib) are

located in the appropriate "out_nw_XXXX" directory 

(out_nw_clib, out_nw_libc, etc).  

The headers are located in the appropriate "outinc_nw_XXX" directory 

(outinc_nw_clib, outinc_nw_libc).  

One suggestion is to create the following directory 

structure for the OpenSSL SDK:

   \openssl

      |- bin

      |   |- openssl.nlm

      |   |- (other tests you want)

      |

      |- lib

      |   | - crypto.lib

      |   | - ssl.lib

      |

      |- include

      |   | - openssl

      |   |    | - (all the headers in "outinc_nw\openssl")

The program "openssl.nlm" can be very useful.  It has dozens of

options and you may want to keep it handy for debugging, testing, etc.

When building your apps using OpenSSL, define "NETWARE".  It is needed by

some of the OpenSSL headers.  One way to do this is with a compile option,

for example "-DNETWARE".

NOTES:

------

Resource leaks in Tests

------------------------

Some OpenSSL tests do not clean up resources and NetWare reports

the resource leaks when the tests unload.  If this really bugs you,

you can stop the messages by setting the developer option off at the console

prompt (set developer option = off).  Or better yet, fix the tests to

clean up the resources!

Multi-threaded Development

---------------------------

The NetWare version of OpenSSL is thread-safe, however multi-threaded

applications must provide the necessary locking function callbacks.  This

is described in doc\threads.doc.  The file "openssl-x.x.x\crypto\threads\mttest.c"

is a multi-threaded test program and demonstrates the locking functions.

What is openssl2.nlm?

---------------------

The openssl program has numerous options and can be used for many different

things.  Many of the options operate in an interactive mode requiring the

user to enter data.  Because of this, a default screen is created for the

program.  However, when running the test script it is not desirable to

have a seperate screen.  Therefore, the build also creates openssl2.nlm.

Openssl2.nlm is functionally identical but uses the console screen.

Openssl2 can be used when a non-interactive mode is desired.

NOTE:  There are may other possibilities (command line options, etc)

which could have been used to address the screen issue.  The openssl2.nlm

option was chosen because it impacted only the build not the code.

Why only static libraries?

--------------------------

Globals, globals, and more globals.  The OpenSSL code uses many global

variables that are allocated and initialized when used for the first time.

On NetWare, most applications (at least historically) run in the kernel.

When running in the kernel, there is one instance of global variables.

For regular application type NLM(s) this isn't a problem because they are

the only ones using the globals.  However, for a library NLM (an NLM which

exposes functions and has no threads of execution), the globals cause

problems.  Applications could inadvertently step on each other if they

change some globals.  Even worse, the first application that triggers a

global to be allocated and initialized has the allocated memory charged to

itself.  Now when that application unloads, NetWare will clean up all the

applicaton's memory.  The global pointer variables inside OpenSSL now

point to freed memory.  An abend waiting to happen!

To work correctly in the kernel, library NLM(s) that use globals need to

provide a set of globals (instance data) for each application.  Another

option is to require the library only be loaded in a protected address

space along with the application using it.

Modifying the OpenSSL code to provide a set of globals (instance data) for

each application isn't technically difficult, but due to the large number

globals it would require substantial code changes and it wasn't done.  Hence,

the build currently only builds static libraries which are then linked

into each application.

NOTE:  If you are building a library NLM that uses the OpenSSL static

libraries, you will still have to deal with the global variable issue.

This is because when you link in the OpenSSL code you bring in all the

globals.  One possible solution for the global pointer variables is to

register memory functions with OpenSSL which allocate memory and charge it

to your library NLM (see the function CRYPTO_set_mem_functions).  However,

be aware that now all memory allocated by OpenSSL is charged to your NLM.

CodeWarrior Tools and W2K

---------------------------

There have been problems reported with the CodeWarrior Linker

(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000.  The

problems cause the link step to fail.  The only work around is to obtain an

updated linker from Metrowerks.  It is expected Metrowerks will release

PDK 3.0 (in beta testing at this time - May, 2001) in the near future which

will fix these problems.

Makefile "vclean"

------------------

The generated makefile has a "vclean" target which cleans up the build

directories.  If you have been building successfully and suddenly

experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry.

"Undefined Symbol" Linker errors

--------------------------------

There have been linker errors reported when doing a CLIB build.  The problems

occur because some versions of the CLIB SDK import files inadvertently 

left out some symbols.  One symbol in particular is "_lrotl".  The missing

functions are actually delivered in the binaries, but they were left out of

the import files.  The issues should be fixed in the September 2001 release 

of the NDK.  If you experience the problems you can temporarily

work around it by manually adding the missing symbols to your version of 

"clib.imp".